PRINT
PRINT
SEND MAIL
SEND MAIL

Tag: payload

Windows10

Black Window 10 v2

by D4RkN

  Black Window Enterprise 10 Codename : Polemos Black Window 10 Enterprise is the first windows based penetration testing distribution with Linux integrated ! The system comes activated with a digital license for Windows enterprise! It supports windows apps and Linux apps, GUI and terminal apps! It comes with a tone off hacking tools plus all the tools that are included with the latest release of Cerberus Linux! It has managed to implement Cerberus os within windows. Offers the stability of a windows system…

Read More Black Window 10 v2
Antivirus EvasionKaliNEW TOOLSRubyVeilVeil-Evasion

Veil – Tool To Generate Metasploit Payloads That Bypass Common Anti-virus Solutions

by Black Hat Sec

Veil is a tool designed to generate metasploit payloads that bypass common anti-virus solutions.Veil is current under support by @ChrisTruncerSoftware Requirements:The following OSs are officially supported:Debian 8+Kali Linux Rolling 2018.1+The following OSs are likely able to run Veil:Arch LinuxBlackArch LinuxDeepin 15+ElementaryFedora 22+Linux MintParrot SecurityUbuntu 15.10+SetupKali's Quick Installapt -y install veil/usr/share/veil/config/setup.sh --force --silentGit's Quick InstallNOTE:Installation must be done with superuser privileges. If you are not using the root account (as default with Kali Linux), prepend commands with sudo or change to the root user before…

Read More Veil – Tool To Generate Metasploit Payloads That Bypass Common Anti-virus Solutions
FuzzerJavaScriptNEW TOOLSParameterXSSXSS PayloadsXSSFuzzer

XSSFuzzer – A Tool Which Generates XSS Payloads Based On User-Defined Vectors And Fuzzing Lists

by Black Hat Sec

XSS Fuzzer is a simple application written in plain HTML/JavaScript/CSS which generates XSS payloads based on user-defined vectors using multiple placeholders which are replaced with fuzzing lists.It offers the possibility to just generate the payloads as plain-text or to execute them inside an iframe. Inside iframes, it is possible to send GET or POST requests from the browser to arbitrary URLs using generated payloads.Why?XSS Fuzzer is a generic tool that can be useful for multiple purposes, including:Finding new XSS vectors, for any browserTesting XSS…

Read More XSSFuzzer – A Tool Which Generates XSS Payloads Based On User-Defined Vectors And Fuzzing Lists
BurpBurp ExtensionBurp SuiteBurp Suite ExtensionMacNEW TOOLSZipZIP File Raider

ZIP File Raider – Burp Extension For ZIP File Payload Testing

by Black Hat Sec

ZIP File Raider is a Burp Suite extension for attacking web application with ZIP file upload functionality. You can easily inject Burp Scanner/Repeater payloads in ZIP content of the HTTP requests which is not feasible by default. This extension helps to automate the extraction and compression steps.This software was created by Natsasit Jirathammanuwat during a cooperative education course at King Mongkut's University of Technology Thonburi (KMUTT).InstallationSet up Jython standalone Jar in Extender > Options > Python Environment > "Select file...".Add ZIP File Raider extension…

Read More ZIP File Raider – Burp Extension For ZIP File Payload Testing
DamnDVWAInformation SecurityNEW TOOLSNovahotpenetration testingVulnerable ApplicationWebShell

Novahot – A Webshell Framework For Penetration Testers

by Black Hat Sec

novahot is a webshell framework for penetration testers. It implements a JSON-based API that can communicate with trojans written in any language. By default, it ships with trojans written in PHP, ruby, and python.Beyond executing system commands, novahot is able to emulate interactive terminals, including mysql, sqlite3, and psql. It additionally implements "virtual commands" that make it possible to upload, download, edit, and view remote files locallly using your preferred applications.InstallationInstall the executable directly from npm:[sudo] npm install -g novahotThen seed a config file:novahot…

Read More Novahot – A Webshell Framework For Penetration Testers
JavaScriptNEW TOOLSParameterXSSXSS BruteforceXSS DetectionXSS ExploitXSS PayloadsXSS PythonXSS scanner

XSStrike v3.0 – Most Advanced XSS Detection Suite

by Black Hat Sec

Why XSStrike?Every XSS scanner out there has a list of payloads, they inject the payloads and if the payload is reflected into the webpage, it is declared vulnerable but that's just stupid. XSStrike on the other hand analyses the response with multiple parsers and then crafts payloads that are guaranteed to work. Here are some examples of the payloads generated by XSStrike:}]};(confirm)()//\<A%0aONMouseOvER%0d=%0d[8].find(confirm)>z</tiTlE/><a%0donpOintErentER%0d=%0d(prompt)``>z</SCRiPT/><DETAILs/+/onpoINTERenTEr%0a=%0aa=prompt,a()//Apart from that, XSStrike has crawling, fuzzing, WAF detection capabilities as well. It also scans for DOM XSS vulnerabilities.Main FeaturesReflected and DOM XSS…

Read More XSStrike v3.0 – Most Advanced XSS Detection Suite
NEW TOOLSRATRegistryRemoteRecon

RemoteRecon – Remote Recon And Collection

by Black Hat Sec

RemoteRecon provides the ability to execute post-exploitation capabilities against a remote host, without having to expose your complete toolkit/agent. Often times as operator's we need to compromise a host, just so we can keylog or screenshot (or some other miniscule task) against a person/host of interest. Why should you have to push over beacon, empire, innuendo, meterpreter, or a custom RAT to the target? This increases the footprint that you have in the target environment, exposes functionality in your agent, and most likely your…

Read More RemoteRecon – Remote Recon And Collection
ArduinoBadUsbDigiDuck FrameworkNEW TOOLSRubber DuckyScripts

DigiDuck Framework – Framework For Digiduck Development Boards Running ATTiny85 Processors And Micronucleus Bootloader

by Black Hat Sec

Framework for Digiduck Development Boards running ATTiny85 processors and micronucleus bootloader!Roadmap:Plan to implement a command for Duckyspark translation within the framework.Requirements:- ATTiny85 or other compatible "Digispark" Development Board(s)- DigiSpark Drivers (If you can use it with arduino you should be fine.)- OSX or MacOS- ArduinoIDE with Digispark Library InstalledGetting Started:Installation:DigiDuck Framework (Referred to as DDF) is really simple to start and setup! There are no third party modules required for DDF! All you need to do is make sure you have Python 3.6+ (I…

Read More DigiDuck Framework – Framework For Digiduck Development Boards Running ATTiny85 Processors And Micronucleus Bootloader
JavaScriptJShellNetcatNEW TOOLSXSSXSS Shell

JShell – Get A JavaScript Shell With XSS

by Black Hat Sec

JShell - Get a JavaScript shell with XSS.UsagesRun shell.pyand JShell will automatically try to detect your IP address, default LPORT is 33.As you can see the payload has been generated and now all you have to do is to deliver this payload to the victim.As soon as you do that, you will get a JS shell over netcat where you can execute your JavaScript code in victim's browser as soon as the injected page is open.Here's a screenshot:Credits, Disclaimer & LicenseThis script uses the…

Read More JShell – Get A JavaScript Shell With XSS
CVE-2017-6079NEW TOOLS

Exploit CVE-2017-6079 – Blind Command Injection In Edgewater Edgemarc Devices

by Black Hat Sec

This exploit was developed based on the technical description by depthsecurity  HTTP web-management application on Edgewater Networks Edgemarc appliances has a hidden page that allows for user-defined commands such as specific iptables routes, etc., to be set. You can use this page as a web shell essentially to execute commands, though you get no feedback client-side from the web application: if the command is valid, it executes. An example is the wget command. The page that allows this has been confirmed in firmware as…

Read More Exploit CVE-2017-6079 – Blind Command Injection In Edgewater Edgemarc Devices